Porn-site Visitors Could Score a Payday for Theft of Their Browser Histories

Visitors to www.youporn.com over the past four years could be in store for a payday if a case against operators of the site proves they stole browser histories from visitors.

The class action suit claims visitors to youporn.com were harmed when JavaScript on the site probed their browsers to find out other sites the browser had visited, according to a complaint filed in U.S. District Court in California.

2010's biggest security SNAFUs

The suit comes on the heels of research that shows this practice of history sniffing is possible and actually occurs. If the suit is successful, the two California men who filed it and anyone else who joins their class action stand to gain unspecified damages.

The complaint was filed against Midstream Media, based in the Netherlands Antilles, which runs youport.com and other pornography sites.

The suit says the complainants were harmed because their browser histories have value that they could sell to interested parties and the defendants stole them.

Youporn.com is one of the sites listed in a paper by University of California, San Diego, researchers as actually carrying out history sniffing. The researchers developed a tool that visits sites and determines if they probe browser histories and send them somewhere else on the Internet. The lawsuit doesn't mention the research -- but sentences of the complaint that describe history sniffing match sentences in the paper word for word.

Authors of the research say that history sniffing can be used to find phishing targets. If, for example, the history reveals that the browser routinely visits a particular online banking site, attackers would know what phony banking page to serve up in order to steal login information, they say.

In addition, the practice can be used by businesses to find out what competitors a site visitor has already checked out and be used by advertising firms trying to create profiles of visitors so they can target them with ads of interest, the researchers say.

The suit claims that Midstream Media violated U.S. and California laws covering data theft and privacy.

Read more about wide area network in Network World's Wide Area Network section.

Subscribe to the Security Watch Newsletter

Comments